NEW YORK STATE SECURITY BREACH REPORTING FORM 
Pursuant to the Information Security Breach and Notification Act 
(General Business Law §899-aa) 


Name and address of Entity that owns or licenses the computerized data that was subject to the breach : 

_Proskauer Rose LLP_ 

Street Address: 11 Times Square_ 

City: New York_ State: NY_ Zip Code: 10036_ 


Submitted by: Kristen Mathews_ Title: Partner_ Dated: 4/5/16_ 

Firm Name (if other than entity):___ 

Telephone: 212-969-3265__ Email: kmathews@proskauer.com_ 

Relationship to Entity whose information was compromised: _ 

Type of Organization (please select one): [ ] Governmental Entity in New York State; [ ] Other Governmental Entity; 
[ ] Educational; [ ] Health Care; [ ] Financial Services; [X] Other Commercial; or [ ] Not-for-profit. 


Number of Persons Affected : 

Total (Including NYS residents): 1,519 NYS Residents: 703 

If the number of NYS residents exceeds 5,000, have the consumer reporting agencies been notified? [ ] Yes [ ] No 
Dates: Breach Occurred: 2/28/16 Breach Discovered: 3/31/16 Consumer Notification: 4/4/16 


Description of Breach (please select all that apply): 

[ ] Loss or theft of device or media (e.g., computer, laptop, external hard drive, thumb drive, CD, tape); 

[ ] Internal system breach; [ ] Insider wrongdoing; [ ] External system breach (e.g., hacking); 

[ ] Inadvertent disclosure; [X] Other (specify): information sent in response to fraudulent email 

Information Acquired: Name or other personal identifier in combination with (please select all that apply): 
[X] Social Security Number 

[ ] Driver's license number or non-driver identification card number 

[ ] Financial account number or credit or debit card number, in combination with the security code, access code, 
password, or PIN for the account 

Manner of Notification to Affected Persons - ATTACH A COPY OF THE TEMPLATE OF THE NOTICE TO 
AFFECTED NYS RESIDENTS: 

[X] Written [ ] Electronic [ ] Telephone [ ] Substitute notice 

List dates of any previous (within 12 months) breach notifications: ___ 

Identity Theft Protection Service Offered: [X] Yes [ ] No 

Duration: 2 years Provider: IDExpert 

Brief Description of Service: My IDCare Identity Protection ID theft monitoring service 

[Proskauer Letterhead with mailing address] 


April 4, 2016 


VIA FIRST CLASS MAIL 


[address] 

Re: Notice of Data Breach 
Dear [insert name]: 

We are writing to tell you about a data security incident that may have exposed some of your 
information as an employee of the Firm. We take the protection and proper use of your 
information very seriously. That is why we are contacting you directly to let you know what 
happened, what we are doing, and what you can do. 

What Happened? 

We have received several reports from Firm employees that tax returns have been filed in their 
names by unauthorized individuals in acts of identity theft. 

Based on our investigation, it appears that an employee in our payroll department received a 
fraudulent email requesting copies of W-2s of Firm personnel. The email appeared to be an 
internal email from one of our senior executives. Believing that the email request was 
legitimate, on February 28, 2016, the payroll employee emailed the requested information. The 
reply-to email address was fraudulent and the information was transmitted to an unauthorized 
third party. 

We have established that the security of our information technology systems was not breached 
and that no other employee information, and no client information whatsoever, was 
compromised by this isolated incident. 

What Information Was Involved? 

The information compromised consists of the information found on W-2 forms, including your 
full name and Social Security number, but not that of your family members. 

What Are We Doing? 

The IRS does not hold individuals financially responsible for this type of identity theft, but if you 
are victimized by it, you should report it to the IRS and applicable state taxing authorities so that 
they can rectify the situation. We are assisting all Firm employees with the preparation of the 
forms that should be submitted to federal and state taxing authorities. 

In addition, we are offering all employees a two-year membership in an ID theft monitoring 
service, ID Experts, at no cost. In order to access this service you should log on to 
www.idexpertscorp.com/protect and use your unique code [0000000000]. You can also call 
them on 866-329-9984 to activate this service. 

We suggest that you also actively monitor your financial account statements and the free credit 
reports that are available to you, and report any unauthorized activity to your bank and/or credit 
bureau, and to us. 

Finally, we are taking steps to prevent something like this from happening again. In particular, 
we have enhanced staff training, improved management controls, and placed restrictions on the 
type of data that is electronically transmitted both within the firm, as well as outside. 

What Can You Do? 


You can also put a “credit freeze” on your credit file so that no new credit can be opened in your 
name without the use of a PIN number that is issued to you when you initiate the freeze. Please 
note that placing a credit freeze may delay your applications for credit, mortgage, employment, 
housing, insurance, utilities or even cellular telephone service. The following links provide 
instructions for placing a credit freeze at the three national credit bureaus: 

https://www.experian.com/ncaconline/freeze 
https://freeze.transunion.com/sf/securityFreeze/landingPage.jsp 
https://www.freeze.equifax.com/Freeze/jsp/SFF_PersonalIDInfo.jsp 

Enclosed with this letter is additional information that may assist you to protect yourself from 
identity theft. 

We continue to investigate this matter and will inform you of any additional information we 
uncover that may be helpful to you. 

For More Information 


If you have any questions about this incident, we encourage you to contact us by telephone at 
800-642-8349 (internal 13999), or by e-mail at questions@proskauer.com. 

We deeply regret that this incident occurred. We are committed to assisting you and taking steps 
to ensure that an incident like this does not happen again. 


Sincerely, 


Jonathan O’Brien 
Chief Financial Officer 

U.S. State Notification Requirements 


For residents of California, Hawaii, Illinois, Iowa, Maryland, Michi 


Virginia, Washington, West Virginia, and Wyoming 


Missouri, North Carolina, 0, 


It is recommended by state law that you remain vigilant for incidents of fraud and identity theft by reviewing credit card account 
statements and monitoring your credit report for unauthorized activity. You may obtain a copy of your credit report, free of charge, 
whether or not you suspect any unauthorized activity on your account by contacting any one or more of the national consumer 
reporting agencies listed below. They can also provide you with information about fraud alerts and security freezes. 

Equifax              Experian            TransUnion 
P.O. Box 740241      P.O. Box 2104       P.O. Box 6790 
Atlanta, GA 30348    Allen, TX 75013     Fullerton, CA 92834-6790 
1-800-685-1111       1-888-397-3742      1-877-322-8228 
www.equifax.com      www.experian.com    www.transunion.com 


For residents of Iowa: 

State law advises you to report any suspected identity theft to law enforcement or to the Attorney General. 



State laws advise you to report any suspected identity theft to law enforcement, as well as the Federal Trade Commission. 


State laws require us to tell you that you can obtain information from the Federal Trade Commission about steps you can take to 
avoid identity theft (including how to place a fraud alert or security freeze). If you are a Maryland or North Carolina resident, you 
may also be able to obtain this information from your state's Attorney General. 


MD Attorney General's Office 
Consumer Protection Division 
200 St. Paul Place 
Baltimore, MD 21202 
1-888-743-0023 
www.oag.state.md.us 


For residents of Massach. 


NC Attorney General's Office 
Consumer Protection Division 
9001 Mail Service Center 
Raleigh, NC 27699-9001 
1-877-566-7226 


and West Virginia. 


Federal Trade Commission 
Consumer Response Center 
600 Pennsylvania Avenue, NW 
Washington, DC 20580 
1-877-IDTHEFT (438-4338) 
www.ftc.gov/bcp/edu/microsites/ 


State laws require us to inform you of your right to obtain a police report if you are a victim of identity theft. You also have the right 
to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being 
approved in your name without your consent; however, using a security freeze may delay your ability to obtain credit. 

To place a security freeze on your credit report, you need to send a request to a consumer reporting agency by certified mail, 
overnight mail, or regular stamped mail. The following information must be included when requesting a security freeze (note that if 
you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle 
initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past 
five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The 
request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance 
statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. The 
consumer reporting agency may charge a fee of up to $5.00 to place a freeze or lift or remove a freeze, unless you are a victim of 
identity theft or the spouse of a victim of identity theft, and you have submitted a valid police report relating to the identity theft 
incident to the consumer reporting agency. 

Equifax Security Freeze    Experian Security Freeze    TransUnion (FVAD) 
P.O. Box 105788            P.O. Box 9554               P.O. Box 6790 
Atlanta, GA 30348          Allen, TX 75013             Fullerton, CA 92834-6790 
www.equifax.com            www.experian.com            www.transunion.com 

Johnson, Melissa (DOS) 

From: Handler, Chelsea P. <chandler@proskauer.com> 
Sent: Wednesday, April 06, 2016 6:35 PM 
To: dos.sm.CP.SecurityNotification 
Cc: Mathews, Kristen J. 
Subject: Notice on Behalf of Proskauer Rose LLP 
Attachments: NY State Agency Notice - Proskauer (2).pdf - Adobe Acrobat.pdf 


ATTENTION: This email came from an external source. Do not open attachments or click on links from unknown senders or 
unexpected emails. 


Please see the attached from Kristen Mathews. 


Best, 

Chelsea 

Chelsea P. Handler 

Associate 

Proskauer 

Eleven Times Square 
New York, NY 10036-8299 
d 212.969.3169 
f 212.969.2900 
chandler@proskauer.com 


****************************************************************************************** 

************************************************************ 

This message and its attachments are sent from a law firm and may contain information that is confidential and 
protected by privilege from disclosure. 

If you are not the intended recipient, you are prohibited from printing, copying, forwarding or saving them. 
Please delete the message and attachments without printing, copying, forwarding or saving them, and notify the 
sender immediately. 

****************************************************************************************** 

************************************************************ 